Chore: Notify in slack when nightly docker image scan fails (#34980)

* Add scan docker image step, when pipeline fails notify in slack channel * Add star code that generates the yaml file for the fail message to slack * Fix template message * Make message more detailed * Adjust the name of the step
2025-02-25 18:55:37 -06:00 · 2021-05-31 17:33:22 +02:00 · 2021-05-31 17:33:22 +02:00 · c62602d941
commit c62602d941
parent a23674ef99
2 changed files with 29 additions and 1 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -3457,6 +3457,17 @@ steps:
  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu

+- name: slack-notify-failure
+  image: plugins/slack
+  settings:
+    channel: grafana-backend
+    template: "Nightly docker image scan job for {{repo.name}} failed: {{build.link}}"
+    webhook:
+      from_secret: slack_webhook
+  when:
+    status:
+    - failure
+
 trigger:
  cron:
  - nightly
--- a/scripts/job.star
+++ b/scripts/job.star
@ -1,3 +1,5 @@
+load('scripts/vault.star', 'from_secret')
+
 def cronjobs(edition):
    if edition != 'oss':
        edition='grafana-enterprise'
@ -15,6 +17,7 @@ def cronjobs(edition):
    steps=[ 
        scan_docker_image_unkown_low_medium_vulnerabilities_step(edition),
        scan_docker_image_high_critical_vulnerabilities_step(edition),
+        slack_job_failed_step('grafana-backend'),
    ]
    return [
        {
@ -40,7 +43,7 @@ def scan_docker_image_unkown_low_medium_vulnerabilities_step(edition):
    }

 def scan_docker_image_high_critical_vulnerabilities_step(edition):
-    tags=['latest','main','latest-ubuntu','main-ubuntu']
+    tags=['latest', 'main', 'latest-ubuntu', 'main-ubuntu']
    commands=[]
    for t in tags:
        commands.append('trivy --exit-code 1 --severity HIGH,CRITICAL grafana/{}:{}'.format(edition,t))
@ -50,3 +53,17 @@ def scan_docker_image_high_critical_vulnerabilities_step(edition):
        'image': 'aquasec/trivy:0.18.3',
        'commands': commands,
    }
+
+def slack_job_failed_step(channel):
+    return {
+        'name': 'slack-notify-failure',
+        'image': 'plugins/slack',
+        'settings': {
+            'webhook': from_secret('slack_webhook'),
+            'channel': channel,
+            'template': 'Nightly docker image scan job for {{repo.name}} failed: {{build.link}}',
+        },
+        'when': {
+            'status': 'failure'
+        }
+    }